[SOLVED]YAT case login

Posted: Sun Aug 02, 2009 6:51 am

I'm inspecting the Your_Account index.php file especialy the login case.

I'm having trouble detecting at what position it is setted where the user is verified.

If anyone could enlighten for me:

Code:

case 'login':


      global $nsnst_const;


      if (!isset($gfx_check)) $gfx_check = '';


      $username = check_html(trim($username) , 'nohtml'); // RN0001003


      $user_password = htmlspecialchars(stripslashes($user_password));


      $result = $db->sql_query('SELECT * FROM ' . $user_prefix . '_users WHERE username=\'' . addslashes($username) . '\'');


      $ya_numUser = $db->sql_numrows($result);


      $setinfo = $db->sql_fetchrow($result);


      // menelaos: check of the member agreed with the TOS and update the database field


      if (isset($_POST['tos_yes'])) {


         if (($ya_config['tos'] == 1) AND ($_POST['tos_yes'] == 1)) {


            $db->sql_query('UPDATE ' . $user_prefix . '_users SET agreedtos=\'1\' WHERE username=\'' . addslashes($username) . '\'');


         }


      }


      $forward = ereg_replace('redirect=', '', $redirect);


      if (ereg('privmsg', $forward)) $pm_login = 'active';


      else $pm_login = '';


      if ($ya_numUser == 0) {


         include_once 'header.php';


         Show_YA_menu();


         OpenTable();


         echo '<center><span class="title">' . _SORRYNOUSERINFO . '</span></center>';


         CloseTable();


         include_once 'footer.php';


      } elseif ($ya_numUser == 1 AND $setinfo['user_id'] != 1 AND $setinfo['user_password'] != '' AND $setinfo['user_active'] > 0 AND $setinfo['user_level'] > 0) {


         /*


         * Check user against database - montego: I do not like the following code, why do we always


         * want to update the users password even if it hadn't changed?  I am leaving this here for now


         * as time for 2.3.0 is short. We should also consider changing the encryption algorithm with a


         * better salt too, but it would force a ton of problems with existing sites.


         */


         $dbpass = $setinfo['user_password'];


         $non_crypt_pass = $user_password;


         $old_crypt_pass = crypt($user_password, substr($dbpass, 0, 2));


         $new_pass = md5($user_password);


         if (($dbpass == $non_crypt_pass) OR ($dbpass == $old_crypt_pass)) {


            $db->sql_query('UPDATE ' . $user_prefix . '_users SET user_password=\'' . $new_pass . '\'   WHERE username=\'' . addslashes($username) . '\'');


            $result = $db->sql_query('SELECT user_password FROM ' . $user_prefix . '_users   WHERE username=\'' . addslashes($username) . '\'');


            list($dbpass) = $db->sql_fetchrow($result);


         }


         if ($dbpass != $new_pass) {


            Header('Location: modules.php?name=' . $module_name . '&stop=1');


            die();


         }


         // menelaos: show a member the current TOS if he has not agreed yet


         //if (($ya_config['tos'] == 1) AND ($ya_config['tosall'] == 1) AND ($setinfo['agreedtos'] != 1)) {


         //   if (!isset($_POST['tos_yes']) or $_POST['tos_yes'] != 1) {


         //      include_once 'modules/' . $module_name . '/public/ya_tos.php';


         //      exit;


         //   }


         //}


         $datekey = date('F j');


         $rcode = hexdec(md5($_SERVER['HTTP_USER_AGENT'] . $sitekey . $random_num . $datekey));


         $code = substr($rcode, 2, $ya_config['codesize']);


         if (!security_code_check($gfx_check, array(2, 4, 5, 7))) {


            include_once 'header.php';


            OpenTable();


            echo '<center><strong>' . _SECCODEINCOR . '</strong><br /><br />';


            echo '[ <a href="modules.php?name=' . $module_name . '">' . _GOBACK2 . '</a> ]</center>';


            CloseTable();


            include_once 'footer.php';


            die();


         }


         if (extension_loaded('gd') AND $code != $gfx_check AND ($ya_config['usegfxcheck'] == 2 OR $ya_config['usegfxcheck'] == 3)) {


            Header('Location: modules.php?name=' . $module_name . '&stop=1');


            die();


         } else {


            // menelaos: show a member the current TOS if he has not agreed yet


            yacookie($setinfo['user_id'], $setinfo['username'], $new_pass, $setinfo['storynum'], $setinfo['umode'], $setinfo['uorder'], $setinfo['thold'], $setinfo['noscore'], $setinfo['ublockon'], $setinfo['theme'], $setinfo['commentmax']);


            if (!defined('NUKESENTINEL_IS_LOADED')) {


               $uname = $_SERVER['REMOTE_ADDR'];


            } else {


               $uname = $nsnst_const['remote_ip'];


            }


            if (!ereg('^([0-9]{1,3})\\.([0-9]{1,3})\\.([0-9]{1,3})\\.([0-9]{1,3})$', $uname)) $uname = '127.0.0.1'; // RN0001003


            $db->sql_query('DELETE FROM ' . $prefix . '_session WHERE uname=\'' . $uname . '\' AND guest=\'1\'');


            //      if ($Version_Num >= 7.4)


            $db->sql_query('UPDATE ' . $user_prefix . '_users SET last_ip=\'' . $uname . '\' WHERE username=\'' . addslashes($username) . '\'');


         }


         // menelaos: the cookiecheck is run here


         if ($ya_config['cookiecheck'] == 1) {


            $cookiecheck = yacookiecheckresults();


         }


         if (isset($pm_login) && $pm_login != '') {


            Header('Location: modules.php?name=Private_Messages&file=index&folder=inbox');


         } elseif ($redirect == '') {


            Header('Location: modules.php?name=Your_Account&op=userinfo&bypass=1&username=' . $username);


         } elseif ($mode == '') {


            Header('Location: forums.html?file=' . $forward);


         } elseif ($t != '') {


            Header('Location: forums.html?file=' . $forward . '&mode=' . $mode . '&t=' . $t);


         } else {


            Header('Location: forums.html?file=' . $forward . '&mode=' . $mode . '&f=' . $f);


         }


      } elseif ($ya_numUser == 1 AND ($setinfo['user_level'] < 1 OR $setinfo['user_active'] < 1)) {


         include_once 'header.php';


         Show_YA_menu();


         OpenTable();


         if ($setinfo['user_level'] == 0) {


            echo '<br /><center><span class="title"><strong>' . _ACCSUSPENDED . '</strong></span></center><br />';


         } elseif ($setinfo['user_level'] == -1) {


            echo '<br /><center><span class="title"><strong>' . _ACCDELETED . '</strong></span></center><br />';


         } else {


            echo '<br /><center><span class="title"><strong>' . _SORRYNOUSERINFO . '</strong></span></center><br />';


         }


         CloseTable();


         include_once 'footer.php';


      } else {


         Header('Location: modules.php?name=' . $module_name . '&stop=1');


      }


      break;

i need to execute some aditional code.
I would also be satisfeid when ever it is the login case , i could run an aditional code outside the yat module itself.

[EDITED]
i solved my problem by doing a if $op in another file outside of the YAT module.
FYI i ad a simular case:

Code:

if ($op == 'login') {


$do_something;


}   


if ($op == 'logout') {


$do_something_else;





}

Site Admin/Owner Joined: Aug 27, 2002 Posts: 17088

What is YAT?

Posted: Mon Aug 03, 2009 10:39 am

it should simply be YA , it is something in my head, probaly refering to your account tweak